Update ipsec.conf to reflect the attempt at s2s

- this isn't working
5 years ago · 60782fbeff
parent 9378cc8cdf
commit 60782fbeff
1 changed files with 21 additions and 25 deletions
--- a/deployments/serverBuild/ipsec.conf
+++ b/deployments/serverBuild/ipsec.conf
@ -1,27 +1,23 @@
-
+# basic configuration
 config setup
-    charondebug="ike 1, knl 1, cfg 0"
-    uniqueids=no
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no

-conn ikev2-vpn
-    auto=add
-    compress=no
-    type=tunnel
-    keyexchange=ikev2
-    fragmentation=yes
-    forceencaps=yes
-    dpdaction=clear
-    dpddelay=300s
-    rekey=no
-    left=%any
-    leftid=@vpn.awful.club
-    leftcert=awful-server-cert.pem
-    leftsendcert=always
-    leftsubnet=0.0.0.0/0
-    right=%any
-    rightid=%any
-    rightauth=eap-mschapv2
-    rightsourceip=10.10.10.0/24
-    rightdns=1.1.1.1,1.0.0.1
-    rightsendcert=never
-    eap_identity=%identity
+# connection to amsterdam datacenter
+conn home-to-digitalocean
+  authby=secret
+  left=%defaultroute
+  leftid=165.22.156.25
+  leftsubnet=10.138.0.0/16
+  right=0.0.0.0
+  rightsubnet=192.168.1.0/24
+  ike=aes256-sha2_256-modp1024!
+  esp=aes256-sha2_256!
+  keyingtries=0
+  ikelifetime=1h
+  lifetime=8h
+  dpddelay=30
+  dpdtimeout=120
+  dpdaction=restart
+  auto=start